Move local key and flags computations to the end
authorDavid Woodhouse <David.Woodhouse@intel.com>
Wed, 9 Jul 2014 13:49:18 +0000 (14:49 +0100)
committerSimo Sorce <simo@redhat.com>
Thu, 7 Aug 2014 16:44:46 +0000 (12:44 -0400)
These can be safely done later and are in the way here.
We're going to want to use these with winbind auth, *after* it
has computed the auth message.

src/gss_sec_ctx.c

index 8e430339a9636697c4a379e61c9caf180f764815..89972e650810dec17bf3b44ee8c210df81b089e2 100644 (file)
@@ -609,26 +609,9 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
             }
         }
 
-        if (protect) {
-            retmin = ntlm_signseal_keys(in_flags, true,
-                                        &ctx->exported_session_key,
-                                        &ctx->crypto_state);
-            if (retmin) {
-                retmaj = GSS_S_FAILURE;
-                goto done;
-            }
-        }
-
         /* in_flags all verified, assign as current flags */
         ctx->neg_flags |= in_flags;
 
-        if (ctx->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
-            ctx->gss_flags |= GSS_C_INTEG_FLAG;
-        }
-        if (ctx->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
-            ctx->gss_flags |= GSS_C_CONF_FLAG & GSS_C_INTEG_FLAG;
-        }
-
         enc_sess_key.data = encrypted_random_session_key.data;
         enc_sess_key.length = encrypted_random_session_key.length;
 
@@ -662,6 +645,23 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
             ctx->int_flags |= NTLMSSP_CTX_FLAG_AUTH_WITH_MIC;
         }
 
+        if (protect) {
+            retmin = ntlm_signseal_keys(in_flags, true,
+                                        &ctx->exported_session_key,
+                                        &ctx->crypto_state);
+            if (retmin) {
+                retmaj = GSS_S_FAILURE;
+                goto done;
+            }
+        }
+
+        if (ctx->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
+            ctx->gss_flags |= GSS_C_INTEG_FLAG;
+        }
+        if (ctx->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
+            ctx->gss_flags |= GSS_C_CONF_FLAG & GSS_C_INTEG_FLAG;
+        }
+
         ctx->stage = NTLMSSP_STAGE_DONE;
 
         output_token->value = malloc(ctx->auth_msg.length);
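Review bot: The relocated SEAL branch in the second hunk still ORs in `GSS_C_CONF_FLAG & GSS_C_INTEG_FLAG`. These are distinct single-bit flags in the GSS-API headers, so the AND evaluates to zero, the `|=` is a no-op, and GSS_C_CONF_FLAG is never set on `ctx->gss_flags` when NTLMSSP_NEGOTIATE_SEAL was negotiated. The line should read `ctx->gss_flags |= GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG;`. The same expression appears in the lines removed by the first hunk, so the defect predates this commit and is only carried along by the move. How `gss_flags` reaches the caller is outside the hunk, but an application that checks the returned flags before relying on sealing would presumably see confidentiality as unavailable and could fall back to unprotected messages. The body of gssntlm_init_sec_context starts and ends outside the hunk.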